Dricenak.com


How to get your data protection fundamentals in order?

Accenture’s security team recently published an amazing white paper on data-centric security. Considering the number of breaches corporations and businesses face, it’s no surprise that tech companies are beginning to clamp down on cybersecurity. Protecting your customers and their data is no easy task. In recent years:

1. More than 140 million customer records were leaked from a major credit reporting agency.
2. Five hundred million user accounts were compromised at a leading Internet service provider.
3. 80 million patient and employee records were breached at a health insurer.
4. More than 50 million credit card accounts were compromised at a leading retailer.

And this is just the tip of the iceberg. But how many more ships must be sunk and how much more data lost due to a lack of security? Let’s talk about getting the basics of data protection right, to ensure that your customers’ private data is in good hands: your hands.

How data breaches hurt you

There are three main things to understand about data breaches:

1. Data breaches are expensive: Considering the examples above, estimates of financial loss from a serious data breach run into the tens or hundreds of millions of dollars. The average data breach can cost an organization $11.7 million, which is scary!
2. Data breaches can potentially cost lives: Whether in the intelligence, healthcare, energy, or chemicals community, data breaches have real-world consequences that affect people’s lives.
3. Data breaches occur due to multiple failures: There are multiple points of failure. For hackers to leak millions of customer records, there have typically been multiple breaches over a long period of time – days, weeks, or months!

Dominating the cyber forts

There are many practices an organization can adopt to prevent data breaches and loss. Depending on the size of your organization and your security budget, there are many things you can do to improve security:

1. Protect high-value assets – While this is obvious, protecting high-value assets should be the first priority for your security team. Sometimes adopting the attacker’s mindset can give your team the perspective they need when designing and executing a threat and vulnerability program. Layering multiple techniques such as encryption, tokenization, micro-segmentation, privilege, and digital rights management can harden your high-value assets, making breaches longer and harder to execute.

2. People make mistakes – Protecting your data is one thing, but if you allow human error to creep into your processes, all that security will go to waste. Controlling who has access to what data is almost as important as encrypting everything. Continuously monitor for unauthorized access and assign roles to limit access. Proper micro-segmentation in your access control lets users see what they need to see while obscuring everything they don’t. That way, if a user’s credentials are compromised, only a segment of the data is exposed. This makes it difficult to leak large amounts of data.
3. Network enclaves are good walls – In the digital world, the lines between your walls and the outside world could become blurred. The edge is now an abstract concept that moves seamlessly between cloud, field, and control rooms. Creating enclaves or environments where you can monitor user traffic and application behavior can stop an attacker from maneuvering. When the perimeter is compromised, the enclaves remain secure and these partitions could prevent further damage.
4. Free the hunting programs! – Don’t be complacent, because your attackers won’t be. Have scanning programs scan for vulnerabilities regularly and adopt a continuous response model. Always assume you have been breached and use your threat hunting teams to look for the next breach.
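
To make item 2 concrete, here is an added example (not from the original article or the white paper it cites) of segment- and field-scoped access. The roles, segments and records are all constructed for illustration; it compares how much sensitive data a stolen credential exposes under narrow roles versus one over-broad role.

```python
from dataclasses import dataclass

SENSITIVE = ("name", "card", "email")

# Constructed sample data: six customer records split across three segments.
RECORDS = [
    {"id": i, "segment": seg, "name": f"Customer {i}",
     "card": f"4000-0000-0000-{i:04d}", "email": f"user{i}@example.com"}
    for i, seg in enumerate(["emea", "emea", "amer", "amer", "apac", "apac"], 1)
]

@dataclass(frozen=True)
class Role:
    segments: frozenset  # segments this role may read at all
    fields: frozenset    # fields shown in clear; the rest are masked

# Hypothetical roles: two narrow ones and one over-broad legacy role.
ROLES = {
    "support_emea": Role(frozenset({"emea"}), frozenset({"id", "segment", "name", "email"})),
    "billing_amer": Role(frozenset({"amer"}), frozenset({"id", "segment", "card"})),
    "legacy_admin": Role(frozenset({"emea", "amer", "apac"}),
                         frozenset({"id", "segment", *SENSITIVE})),
}

def visible_records(role_name, records=RECORDS):
    """Return the view a credential holding `role_name` gets of `records`."""
    role = ROLES.get(role_name)
    if role is None:  # unknown role: deny by default
        return []
    return [
        {k: (v if k in role.fields else "***") for k, v in rec.items()}
        for rec in records
        if rec["segment"] in role.segments
    ]

def exposure(role_name, records=RECORDS):
    """Share of all sensitive values readable in clear if this credential is stolen."""
    total = len(records) * len(SENSITIVE)
    seen = sum(rec[f] != "***" for rec in visible_records(role_name, records) for f in SENSITIVE)
    return seen / total

if __name__ == "__main__":
    for name in ROLES:
        print(f"{name:13s} exposes {exposure(name):.0%} of sensitive values")
```

Running the same calculation over your real role definitions is a quick way to spot roles whose compromise would expose most of the data set.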

“Winter is coming…”

Always prepare for the worst. When you transform your incident response plan into a crisis management plan, you are better prepared for the storm. Have legal and corporate communications teams on standby so they can take action in a jiffy. Many tech companies these days run crisis drills to ensure teams can function despite losing basic functionality like email, VOIP, and other means of communication. If Google does it, it can’t be a bad idea!
